Saturday, September 29, 2007

GAP Laptop Theft a Reminder of Online Backup Effectiveness

From Joel of Infra-IT:

Online backup may seem like an extraneous cost—you’ve got a hard-copy backup system in place, you plead, and a protocol that requires an employee to take data off-site—but read on, and you might think twice.

Reuters is reporting today that a laptop computer containing personal information from 800,000 applicants to the various stores under the Gap company umbrella has been stolen from a network security vendor for Gap, Inc. Unlike the Monster.com data breach discussed earlier in this blog, this one could be more serious: the applicant information does in fact include Social Security numbers.

The stolen information covers applicants who applied to Old Navy, Banana Republic and Gap stores between June 2006 and June 2007 in the United States, Puerto Rico and Canada. According to the company, Canadians’ Social Insurance Numbers were not stolen.

And, contrary to the agreement with its vendor, the information collected on the laptop was not encrypted.

Without details on the theft, including whether and how the vendor failed to follow security protocol, it’s impossible to judge how Gap and the unnamed vendor might have avoided such a loss. However, the fact that network security in this case was defeated at the physical level—by taking the laptop itself instead of hacking the network—should immediately make those who rely only on hard-copy backup for network security wary.

The Ohio Office of Management and Budget rues the day it trusted its backup tapes to an intern. And now, Gap’s security precautions have made it rethink its own data security and vendor confidence.

Don’t let the same happen to your business!
